Officials and citizen watchdogs are working to prevent hacking of the 2020 elections. But can they do enough?
In 2016, American democracy was hacked. Can cybersecurity prevent meddling next time?
Russian hackers have been tied to interfering with the 2016 U.S. presidential elections and 2018 midterm elections, breaching two of Florida's 67 counties' election systems, and hacking the Democratic National Committee networks.
Former Homeland Security Secretary Kirstjen Nielsen had been increasingly concerned about Russia's continued activity in the U.S. during and after the 2018 midterm elections, The New York Times has reported. The Times reported her concerns fell on deaf ears, leaving less experienced White House aides to deal with the issue.
Christopher Krebs, Director of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), is now charged with preparing for all possibilities. His agency's new Protect 2020 initiative will focus on developing cybersecurity priorities for state and local election officials, auditing elections, and patching vulnerabilities in election systems, The Hill reported.
The DHS has aggressively turned toward protecting the integrity of state and local election infrastructure, the agency says. DHS continues to work with election officials in 46 states to install Albert sensors, which track network activity and search for specific threats. The technology directly feeds the details regarding any incidents through a nonprofit cyber-intelligence data exchange before reaching DHS. But the sensors do have weaknesses, including a lack of encryption and the ability to gain access with stolen passwords.
Assisting election officials is also what Craig Newmark and the Global Cyber Alliance have offered to do, providing free cyber-defense toolkits to election officials, nonprofit election rights groups, and the media. The idea is to assemble a set of readily available resources rather than just advice.
Newmark, founder of Craigslist and Craig Newmark Philanthropies, cites stealing and tampering with information as top worries for both organizations. His concerns are not unwarranted.
Despite efforts to strengthen cybersecurity since 2016, a new report reported on by Wired demonstrates a range of flaws that could leave U.S. political parties vulnerable to attack. The researchers found, for instance, an unencrypted login page for an API linked to the Republican National Committee. And while the Democratic National Committee has deployed a two-factor authentication tool called Okta, researchers found a calendar tool that used HTTP connection (instead of the more secure HTTPS), which can allow a hacker to stage man-in-the-middle attacks.
It's no secret that all political parties collect data sets – including voter names, addresses, and dates of birth – which cybercriminals and foreign adversaries would find valuable. An unnamed U.S. political party left such data exposed in a search tool, as discovered by researchers.
Voting machines are also vulnerable. Bad actors can tamper with ballot programming, infecting the machine’s memory card with malware. With little effort, anyone with access to the memory card can alter the voting results. Machine interference could have a lasting impact in swing states that are critical to an Electoral College victory.
In 2018 a group of hackers at a conference cracked a voting machine in 15 minutes, CNET reported. Despite the risk, state officials continue to rely on digital voting machines, which often still run antiquated software.
Iowa Secretary of State Paul Pate has taken numerous steps to bolster election security in his home state, which hosts a key early caucus in the presidential primary season. “First in the nation in voting demands first-in-the-nation security,” said Pate, who has partnered with DHS to provide robust cybersecurity protection and resources for all 99 counties in the state. Pate is also implementing two-factor authentication for access to I-VOTERS, the state’s voter registration database.
Along with immigration, health care, and climate change, election security is a key issue in the 2020 elections. Underlying the topic is the question many Americans may be asking: Are we ready?
Johns Hopkins University cryptographers used publicly available documentation from Apple and Google and discovered that if you have the right tools, Android and iOS encryption may not be as robust as you think.
After a FaceTime bug was uncovered in 2019, Google researchers have discovered the same bug in other group chat apps including Signal, JioChat, Mocha, Google Duo, and Facebook Messenger.